← Advisories

VUPlayer 2.49 M3U Playlist File Remote Buffer Overflow Exploit

Medium

Advisory ID

ZSL-2008-4893

Release Date

18 August 2008

Vendor

James Chapman - http://www.vuplayer.com

Affected Version

2.49

CVE

N/A

Tested On

Microsoft Windows XP Professional SP2 (English)

Summary

VUPlayer is a freeware multi-format audio player for Windows.

Description

VUPlayer 2.49 suffers from a buffer overflow vulnerability that can be exploited remotely using user interaction and/or crafting. It fails to perform adequate boundry checking of the user input file (.m3u playlist, 1016 bytes), allowing us to overwrite the EIP, ECX and EBP registers.

 (e7c.c40): Access violation - code c0000005 (first chance)
 First chance exceptions are reported before any exception handling.
 This exception may be expected and handled.
 eax=00000000 ebx=00000001 ecx=41414141 edx=00da5c98 esi=0050b460 edi=0012ee24
 eip=41414141 esp=0012eab8 ebp=41414141 iopl=0         nv up ei pl zr na pe nc
 cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210246
 41414141 ??              ???

Proof of Concept

vuplayer_bof.plTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Greg Linares & Expanders in version 2.44 (2006)
Exploit coded by Gjoko Krstic

References

[1]http://www.securityfocus.com/bid/21363

[2]http://www.packetstormsecurity.org/filedesc/vuplayer_bof.pl.txt.html

[3]http://www.securityhome.eu/exploits/exploit.php?eid=13259671948aa1b65ce1f13.77636425

[4]http://www.youtube.com/watch?v=WajNe92FT5Y

[5]http://it.com.mk/index.php/Gjoko-Krstic/Sigurnost/eksploatacija-na-VUPlayer-2.49-+-Demonstracija

Changelog

18.08.2008Initial release

25.08.2008Added reference [4]

01.09.2008Added reference [5]